NIST CSF 2.0 Category

GV.RM Risk Management Strategy

GV Govern | Set risk appetite and treatment methods that leadership and operations can apply consistently.

Implementation Objective

Define a repeatable risk decision model that guides prioritization, treatment selection, and executive accountability.

Implementation Actions

Define risk scoring criteria.
Standardize treatment options and approvals.
Run recurring risk governance reviews.

Evidence Examples

Risk methodology
Risk register
Risk acceptance records

Suggested Metrics

High-risk items past SLA
Risk decision review completion rate

Framework Crosswalk

Direct mappings for this CSF category into NIST SP 800-171 family sections and CIS Controls v8 implementation domains.

NIST SP 800-171 Families

CIS Controls v8

Navigation

Back to NIST CSF 2.0 Categories CIS Controls v8 Guidance FedRAMP Guidance Cybersecurity Glossary